NSA aims to plug holes that sprang Snowden leaks

NSA official: "Could someone today do what [Snowden] did? No."

Trying to prevent the kind of leaks carried out by former contractor Edward Snowden, National Security Agency (NSA) officials will now tag sensitive documents and data with digital identifiers that limit access to select intelligence analyst, according to a published report. The measure is one of several security reforms being implemented three months after the publication of reams of highly classified reports documenting the agency's expansive surveillance programs.

In addition to allowing sensitive materials to be accessed only by people who have a documented need to review them, the tags will allow NSA leaders to better track what individuals do with the data, National Public Radio reported Wednesday. "Could someone today do what [Snowden] did? No," NSA CTO Lonny Anderson told the news service.

Another reform the NSA has implemented is designed to remove anonymity from the network. "If you've got privileged access to our network, like a systems administrator [has], if you're being given a privilege that very few people have, you're not going to do anything alone," Anderson said. Additionally, NSA security officers are now limiting the options employees have for storing data on their own thumbdrives and other storage devices. As of June, when Snowden reportedly handed over documents to reporters, some NSA computers were equipped with USB ports that connected with thumbdrives. That has since changed.

"One thing we have done post-media leaks is lock those down hard, so those are [now] all in two-person control areas," Anderson said.

It's surprising that the world's biggest and most sophisticated spy agency didn't have these measures in place already. The NPR report said the documents Snowden leaked had all been stored in a file-sharing location on the NSA's intranet. They were easily accessible to analysts so they could read them online and discuss them. Making information easier to access was one of the lessons that gradually came out of the September 11 attacks, which critics say might have been prevented if intelligence agencies had done a better job of sharing information.